Are you an auditor? Not in the sense of one who "audits" web applications for vulnerabilities, but one engaged in the professional practice of internal auditing. Have you been audited? (No, not by the IRS.) Do you really know what auditors do, how the appsec "world" looks to them, and how they can help you?

The IIA defines auditing as "an independent, objective assurance and consulting activity designed to add value and improve an organization's operations. It helps an organization accomplish its objectives by bringing a systematic, disciplined approach to evaluate and improve the effectiveness of risk management, control, and governance processes."

This working session aims to:

Educate security professionals and developers on, and dispel the myths about, audit and control

If you are interested in participating in this working session please edit the Working Session Participants section below to add your name & areas of interest. Please feel free to join the discussion of this working session in the Summit 2011 Working Sessions Google Group.